Privacy Risk Report

Tressler’s Privacy Practice Group brings you recent developments and insights on cyber liability, privacy and data storage.

Latest from Privacy Risk Report

As the number of lawsuits based on claimed violations of the Illinois Biometric Information Protection Act (“BIPA”) increases, litigants have struggled to find guidance from the courts on this new area of law. The Ninth Circuit’s August 8, 2019 decision in Patel v. Facebook, Inc., No. 18-15982 (August 8, 2019) provides slightly more guidance. In Facebook, the Ninth Circuit affirmed the district court’s finding that allegations related to Facebook’s use and storage of “face templates” may violate BIPA. The Ninth Circuit focused on whether the plaintiff’s allegations constitute a concrete and particularized harm sufficient to confer Article III standing under…
The compliance deadline for the California Consumer Privacy Act (“CCPA”) is January 1, 2020. Even though the CCPA is the first privacy law that will directly impact a large number of U.S. businesses, the best strategy for most U.S. businesses will be to take a measured response toward this new law. GDPR Hysteria: The General Data Protection Regulation (“GDPR”) has been in effect for more than a year. And, without question, GDPR has impacted privacy law across the world as 59,000 data breaches were reported to the EU supervisory authorities which resulted in the assessment of about 90 penalties since…
The law related to the Illinois Biometric Information Protection Act (“BIPA”) came to a halt over the last year or so while the Illinois Supreme Court analyzed what constitutes an injury under the Act. As expected, courts have started to once again visit the various legal issues related to biometric data now that the Rosenbach decision has been issued. Now that BIPA cases are moving through the courts again, one major issue will be what is the proper venue for these cases as many BIPA claims intertwine state and federal laws. The Seventh Circuit recently undertook an analysis of the Illinois…
The current roster of threats–ransomware, phishing schemes and hacking–is well understood at this point. Of course, these threats are constantly evolving as we live in a world where criminals get bored quickly and need to move on. The newest privacy threat may involve elaborately faked videos, called “deepfakes,” which may be used to disparage people. A manipulated video of House Speaker Nancy Pelosi that recently went viral was slowed down to make it appear she was slurring her words following a meeting with President Donald Trump. This incident was the first time the public came face to face with this new…
It is a pivotal moment when the United States Supreme Court addresses data breach cases. There was a time when people said that cyber security would be like “Y2K” and any preparations for cyber issues would suffer the same embarrassing fate as buying a generator to prepare for “Y2K.” There is no need to get too emotional, but there is no reasonable dispute that privacy issues are now just a part of our lives. April 24, 2019 is a watershed moment in privacy law when the U.S. Supreme Court issued a decision in Lamps Plus, Inc. v. Varela, 2019 1780275 (April
While the United States may not have data protections in place that are as extensive as those seen in the European Union’s adoption of GDPR, there is still a comprehensive framework of state and federal regulations in place to protect personal information. Many industries are building on the foundation set by state and federal guidelines by creating industry-specific cyber standards. For example, various organizations in the insurance industry are taking steps to ensure their members have guidance on cyber security. The Insurance Industry’s Data Protection Standards: The National Association of Insurance Commissioners (“NAIC”), an organization that coordinates the efforts of…
Protecting against cyber attacks requires coordination between data collectors and their vendors who assist in protecting that data.  Typically, vendors include public relations professionals, forensic experts and security experts to assist after the breach.  It is important to keep in mind that a vendor’s work may be controlled through contracts or agreements that place a number of obligations on a data collector.  That is, in order to receive the vendors’ assistance, a data collector may have to agree to various conditions including indemnifying the vendor and having all disputes resolved through arbitration.  In short, data collectors will need to be fully…
Biometric data is playing a larger role in employment law as more employers begin using equipment to scan employees’ fingerprints to clock in for work. Each week more employers are defending themselves against claims by the employees such as the class action lawsuit filed against Patriot Medical Transport in Cook County Circuit Court last month. The employees in the Patriot Medical litigation claim they “have suffered injury from the unlawful collection and storage of their fingerprints, hand geometry or other biometric data.” We can expect these class actions to continue to increase with the increased use of equipment that collects…
Data breach litigation inherently involves a significant amount of information, so it is no surprise to see discovery issues in breach cases. The typical data breach lawsuit may include discovery requests for pre-breach information (response plans, audits), response information (notification letters and phone scripts) and post-breach information (remediation and vendor information). Suffice it to say, there is ripe opportunity for discovery disputes with this amount of information needing to be exchanged between the parties. The Blue Cross breach, or Premera breach, occurred in 2015 and involved the unauthorized disclosure of confidential information of approximately 11 million current…
While many states are still struggling to enact comprehensive cyber/privacy laws and the federal government still lacks a uniform framework, Illinois data collectors have been working under the most advanced privacy statutes and common law in the United States. Specifically, the Illinois legislature has taken steps through the Personal Information Protection Act and the Biometric Information Protection Act (“Biometric Act”) that will put data collectors and courts at the forefront of privacy law for years to come. The latest development in Illinois privacy law was seen last Friday when the Illinois Supreme Court issued its decision in Rosenbach v. Six Flags…
NotPetya was a malware attack that began to impact businesses around the world in June of 2017. As it turns out, the US and UK governments have publicly blamed Russia for NotPetya. Many commentators believe NotPetya was a politically-motivated attack against Ukraine, since it occurred on the eve of Ukraine’s Constitution Day. “The release of NotPetya was an act of cyberwar by almost any definition—one that was likely more explosive than even its creators intended.” Suffice it to say, while NotPetya may no longer be an immediate threat, the damages caused by this event will create a…
The Illinois Biometric Information Protection Act (“Act”) states that “[a]ny person aggrieved by a violation of this Act shall have a right of action in a State circuit court or as a supplemental claim in federal district court against an offending party.”  Last week, the Illinois Supreme Court heard arguments on what may become the cornerstone decision interpreting the term “aggrieved” as used in the Act.  In Rosenbach v. Six Flags Entertainment Corp., 2017 Ill. App (2d) 170317, 2017 WL 65239, the Illinois Court of Appeals held allegations that an amusement park took patrons’ thumbprints without proper consent was not…
Bitcoin has been a popular buzzword for the last couple of years. People have written several articles on the topic, created documentaries to explain how it works, and some have even ventured out to dabble in the exchange. While we all seem to have a vague understanding of this currency, are we certain courts will interpret our value of the currency the same? Is the currency equivalent to money? The courts are getting closer to providing answers to these questions. The United States District Court in the Southern District of Florida recently explored these questions in Ira Kleiman, et…